Archive for the ‘.gov’ Category

We are beginning to reap the whirlwind in the news cycle from the election of Trump and his breaking of norms that this country and the world have come to rely on. This is exactly what Putin wanted, a country in the midst of a political and social rift that takes our eye off the global ball and allows for negative actions to be carried out without sanction. We have seen Trump set the constitution on fire, the Judicial body of the United States, the Economic norms, and generally break up the balance of power in the world. This has allowed Putin to have greater freedom to act and in turn now others feel empowered. China, North Korea, Syria, and most recently Saudi Arabia have taken actions that would, in normal times, possibly not have been acted on were the nations not at odds generally due to America’s abdication of its role.

Let’s cover some of the things going on…

RUSSIA:

Putin is still working the levers of power and in so doing he is still making moves on Ukraine all the while leveraging the problems in Syria as well. His actions are twofold, first to annex Ukraine altogether if he can. If he can’t then he will continue to fight with disinformation and active measures campaigns until he has more control over the area even if he cannot all out annex them back into Russia proper. Meanwhile, in Syria, Putin is leveraging Erdogan and the battle there with da’esh to gain a foothold in the region and have a friendly dictator he can someday use as a proxy against others in the world.

Meanwhile, Putin keeps having his enemies killed off in interesting ways. The list has been topped off as of yesterday with an oligarch who ran afoul of him being found in a park choked to death by a dog leash.

…. A dog leash….

Now that is a metaphor huh? Putin will continue on liquidating his problems with impunity because the norms have all been broken because of Trump. The U.N., NATO, all of the normative bodies have been rebuffed by Trump and weakened. All that is lacking now is an assassination of a Putin enemy on American soil for his win to be complete. Putin pulled a master stroke in helping Trump win. Even so, don’t believe for a second that Putin isn’t also waiting to not only use Trump more, but if Trump begins to fail him he will continue to perform flyovers in our air space like he has been with the BEAR FOXTROTS over Alaska and likely will become more aggressive. I have yet to hear anything about SSN activity but be assured they are there… Waiting.

CHINA:

China has upped its espionage games since Trump started his little trade war with them. Recent events have shown a rise in hacking and phishing campaigns that had slowed down since the Xi and Obama agreement. That’s over now though and with the trade war heating things up, and rankling the core ideal of China to be an economic superpower, we are going to see not only more hacking and phishing with a side of theft of IP but also now classical espionage tradecraft to carry out the same goals. All of this will only escalate against the US as we move forward and likely set more things on fire by Trump’s economic disaster plan.

MEANWHILE…. China feels empowered too because of all the fractiousness in the world’s governing bodies and has made the ex INTERPOL chief disappear while in China. Gee, China is now feeling like they can just disappear the head of an international investigative body.

Nice.

As all of this is going on we also have, coincidentally, the arrest of an MSS asset in Belgium for economic espionage against the US aerospace community. Hmmmm gee, what a coincidence that this happens as the INTERPOL chief is disappeared. As you can see, and perhaps make the connections yourselves, it may be that the MSS is reacting to the impending arrest and/or extradition of their asset by grabbing another as a warning?

Hmmm….

Yes, expect more to come out of China with the worsening of the trade wars as well as the eroding of the world’s norms on illegality.

SAUDI ARABIA:

Next up, Saudi Arabia seems to have lured a Washington Post reporter to Saudi only to kill and perhaps dismember him in an embassy there. Saudi has never before been as bold and I directly point toward the breaking of all the norms and groups for this action too. It’s been pretty blatant and I suspect there will be no sanction over this. I mean, look, it’s Saudi right? OPEC, oil? Not to mention that Trump was basically setting himself up to be their stooge since the beginning. Nope, nothing will come of this and now the Saudis have killed a Saudi journalist working for an American news org.

I also want to mention the whole glossy magazine that was put out by Trump’s friend David Pecker back last summer. What was this all about? Well, it seems that that was a PR move to make the house of Saud more accessible to the US consumer? Put another way, the new crown prince wanted to look progressive and hip and with the help of Pecker they tried real hard. It’s just that the mark was missed with this publication. In fact it only made an already wary populace start asking questions as to why this happened and what kind of conspiracy was afoot. Expect more to come out of this Saudi reporter’s death and it will likely not be pretty. If they get away with this, and I think they will, then expect Saudi to pull some more stunts in the future as the crown prince gets more bold.

TRUMP REPUBLICANS:

Finally, the TRUMP party, I really don’t consider them Republicans anymore, will continue to push the limits of the nation’s norms and laws until they are just removed from power. The events around the recent SCOTUS nomination and confirmation of Kavanaugh are a clear example of how the Trump party is abusing their control over the House and Senate to get whatever they want over what the governed wants. The Kavanaugh thing is just the most naked misuse of their power to date though and I am sure more will be coming once Trump replaces Sessions with a minion under his control. This will set the trifecta into play: DOJ under his control, SCOTUS under his control, and Mueller with a new target painted on his back.

I fully expect that when this happens the Russia investigation will be liquidated and the Trump party will lock arms and say that this is not a constitutional crisis. Of course then the DOJ will agree and SCOTUS will concur. It will all disappear at least legally right? This is Trump’s greatest desire and it seems more and more likely that this can happen because of the Kavanaugh ascension. An alternate timeline to this would be that Trump allows the investigation to finish but then has Kavanaugh in his pocket to be the deciding vote on whether or not a sitting president can be indicted.

Either way, it seems that if Trump can replace Sessions with a partisan minion, we are all doomed.

Even more worrying is the upcoming mid term elections. If the Trump party continues to be in control, expect to look fondly at the times of outrage over Trump’s mild bad actions because he will feel empowered to do even more bad things if he has total control.

Once again, thanks Putin.

We are at a tipping point here and not just with regard to climate change kids.

Recently there has been a lot of hubbub about Bellingcat pivoting from tracking military movements and downed planes to exposing GRU operatives who have carried out poisoning operations in the UK. Personally I have watched with a mix of trepidation and angst over what they have been doing recently with the liquidators they have fingered for the Skripal poisonings. I have mixed feelings on all this because while I think they may in fact be right, they could also be being used by their “sources” in Russia as well as possibly be used in future to their detriment by Russia and other nation state services for disinformation operations. Even worse, this group and their OSINT could in fact get in the way of real operations by those same services of friendly nations and could endanger themselves if not others in the field by dropping these bits of intel.

OSINT is a new flavor of the day in the information security world but it has been a long standing practice in certain circles in the other community. The difference here is that the OSINT carried out before was by trained individuals within the intelligence community and not put out for general consumption for the world at large. Today, we have Bellingcat dropping all kinds of data that may or may not be correct that is messing directly with operations by a rogue nation (Russia) and a dictator (Putin) that has no compunction about just killing off the people who oppose him enough to cause him heartburn. This is the big difference here and I just want Bellingcat to take that into account as they do what they seem to be doing with regard to GRU ops. As far as I know, the people who work for Bellingcat are not former intel community, maybe there are some, someone can let me know, but you have to consider that the majority of the people there are not spooks and might be out of their depth in this regard.

Additionally, I would like to reiterate that these discoveries could actually be disinformation provided to you all by services like the SVR to hurt the GRU too. In the world of espionage you are forced to live in the wilderness of mirrors kids. Intelligence analysis is a real art and I am just not so sure you’re carrying it out while completely and carefully considering that fact with these dumps on the GRU. Just please consider that you are being played now and if not now, you will be in the future to your detriment by nation state actors for their own goals. That said, please take everything some group gives you so handily, even if the data is in fact correct, as a possible dangle or disinformation operation before you just dump it to the BBC.

Lastly, let me just say again in rather plain language, playing this game can get you dead. Russia is at a point with Putin that they just don’t give a fuck and if you are in their way, and enough of a problem, they will destroy you or kill you. Just look at Sergei and his daughter! Or for that matter, look at Anna Politkovskaya, Alexander Litvinenko, and more than a few other impediments that Putin got rid of. It may not happen now, but I can assure you if you piss them off too much, you will get their unwanted attention.

Just a caution….

Oh, and while I am talking about deaths, it seems that a relative of one of the assassins has been perhaps made missing or killed in Russia as well. So, you all have to consider the possibilities of your hubris in what you do in the form of innocent collateral damage to others.

Just sayin…

K.


This tweet came up in my feed this morning and it got me thinking. There has been a lot of talk about how disrupting or denying the sources of disinformation could put a stop to it altogether. I for one have not been a proponent of strictly technical solutions to this because they never will work fully and while you can play whack a mole with fake news or disinfo operations, it will always propagate with those who have the cognitive bias and dissonance. What I mean by that is that the mind virus that is fake news or disinformation is just that, those who are disposed to it will propagate it if not create it out of whole cloth for their own reasons be they financial, cultural, or psychological.

It has been shown that if you give those predisposed to these narratives the truth once or twice, they do not come to the conclusion that the narratives are in fact falsehoods. In fact, the studies thus far have shown that you must repeatedly bombard those individuals with the truth (truth bombs heh) until they actually accept the truth. So, unless you can force these individuals to accept “truth” via other channels than the disinformation feeds, you will have little luck in stopping the disinformation from doing its harm and being magnified by those predisposed to their belief in them.

So, what I am saying here is that once again, the technology will not be able to stop the false narratives. The technologies today short of a truly Turing compliant AI that is plugged into the internet as a whole, will not be stopping the disinformation never mind those campaigns of falsehoods by the likes of an Alex Jones because they will be passing them in email, news sites, comments in sites, texts, tweets, over the phone, over the air, …everywhere possible. The reliance or thought of reliance on technologies alone to save us from all this kind of warfare is patently naive. The psychology of why disinformation works and how these things propagate WITH the technology is where we need to focus. More so we need to focus on the psychological aspects in relation to how we might leverage technologies to get the truth into the right minds with repeated viewings is key. Alas though, I fear that this is not what many in the technology space are considering and are relying on algorithms instead of focusing on the animal behind the keyboard. Until we do this I am afraid we are quite doomed to failure.

I also began to parse this tweet out a bit as well on the hacking versus the disinformation campaign. It is quite clear that the hacking and the dumps of information were at some level laced with disinformation but not as a whole was the hack a part of the disinformation campaigns by the GRU. While “not getting hacked” is a good start, the real problems came from other sources and in fact when I looked at the DC leaks stuff and the claims I did come up with some gold that the data did not come from the Clinton Foundation, but instead was DCCC and DNC only to the contrary of what Guccifer 2.0 wanted people to believe.

So yeah, the information being hacked surely added to the mix of disinformation out there but it was not a main contributor to it. Overall, the problems of disinformation rely much more on the psychology of the tribes at play now and the cognitive issues we have within them than the hacking ever did. It turned out at least in the Clinton campaign there was no real “there” there to latch on and make her look even worse with an expose of wrongdoings. The most we got was that they were treating Bernie poorly but really, that was it.

Where were the Benghazi revelations?

Where were the revelations that she and others were running a pedophile ring out of a pizza parlor in DC?

Where was the absolute proof that Clinton had ordered the murders of a number of US citizens and in fact was funneling monies around to places like Panama?

Oh yeah, there were none and this is the reason why the others out there including the GRU and the SVR were creating those narratives on Twitter, Reddit, and elsewhere, where those predisposed to those mental viruses were living and ready to echo the message to others. When the day comes that we see a dump of information that has been tampered with well enough to detect forensically, then we can parse that out a bit and prove out that a hacked dbase was the cause of disinformation like some of the DC leaks stuff tried to be. Other than that, the two roads do not meet in my book.

The technology is the amplifier but the humans behind the keyboard are the real engines here.

K.


Of late I have been working on my keynote for Circle City Con and as such have been preoccupied with espionage in the digital age. As it turns out the keynote got me thinking about classical espionage quite a bit so the actual burning of an asset (in this case a CI, Cooperating Informant, working for the FBI) is unfortunately timely. The use of HUMINT in this case to collect information is a key part of the investigation and having this kind of asset burned by demands of the President is extraordinary. Of course others have been burned like Valerie Plame, but she was an actual NOC agent! This though sets a bad precedent for the intelligence community and bodes ill for those other sources out there who might want to help us in future.

This is what happens when investigations and agencies are attacked for political gains by those actors who are adept at obfuscations. Of late all of the goings on surrounding the clear attack by Russia against this country and our electoral system have become so politically charged and muddled by active measures on the part of Republican supporters of Trump and his other minions that it has made me just turn off the news and walk away. It is my hope that this does not escalate further into a full blown constitutional crisis but it is kinda looking that way right now.

As we move forward though, I want you all to realize that these events concerning this source are extraordinary and not the norm for certain. It is only the ability of the president with a will to do so, to break every norm and attempt to subvert the very things that make America “Great” that we have an asset like this burned and likely feeling the pressure of attacks by Trump Nationalists and even perhaps now on the radar of the Russians. Any other circumstance where someone might be a source though on the FBI side may be a bit more safe than this particular instance.

However…

IF you are an asset for the US and you are currently working against any other country’s interests, and perhaps particularly Russia’s, you may be in more danger as it seems that if Trump and his minions have their way, they could leverage this attack against others in thrall to their financial and kompromat masters. It may be time to get your bugout bags and your exfil plans ready…

Just sayin.

K.


Last week I came across some tasty data out on the net concerning the clients that Cambridge Analytica had been serving in the last election cycle other than Trump. Within that data dump I also came across some python scripts for harvesting data on Twitter as well from a developer at CA which ties them also to mining and using, potentially, Twitter as well as Facebook to create psychographic profiles and to target those people out there who had the same sentiments and desires around electing Trump as president. What I found in looking at the data and doing some research has brought me to the notion that Analytica’s part in this whole thing was just one sliver of a larger whole. That together with the Russian active measures campaigns, disinformation, propaganda, and echo chamber incitement thereof, Analytica helped target some of the people that Russia needed to target as well as the Trump campaign itself.

In fact, after really digging in here, it has become clear to me that Facebook may have a larger part of the problem with their algorithms that commoditize their user base and allowed for weaponizing of that data to be used in the propaganda campaigns by the Trump campaign and the GRU’s operations. Cambridge Analytica is not the big bad here in essence but a part of a larger whole that the news media seems to be unable to grok because it is not as sexy as having a new Bond style villain to get clicks on. No, the larger and more subtle story here is that the people were manipulated by the Mercers, the Bannons and the GRU using the tools given to them by Facebook, and Facebook as well as the media, to synergize the propaganda with the help of all that information the people have chosen (wittingly or otherwise) to give up by using these platforms.

While the truth keeps coming out in drips and drabs on Cambridge Analytica, one has to also take note of the Channel 4 undercover videos as well where CA’s Alexander Nix offers up age old kompromat style operations to their would be client. This all likely is second nature to the SCL group, the company that is tied to the MOD and DOD as offering tools for propaganda and manipulation in the past and of which CA is a spin-off company. Once you understand this, then you can see how Nix might just be offering things off of the menu from SCL and happily so to make a sale here.

What Nix is offering though might in fact be the modus operandi for the “whole package” in the case of political manipulation. Think about it, you target the people you want to vote, you then set up the opponent with kompromat and then you leak that judiciously. It would destroy the candidate and prop up their opponent pretty well don’t you think? Overall, what you have to realize here is that Cambridge Analytica was selling itself not just as an analytics company with a side of advertising for political campaigns, but instead a one stop shop in black propaganda and dirty tricks using analytics and psychology to target the voter. Of course now you have to ask yourselves just how effective CA’s psychographics and operations really were, how they may have learned from past experience, and what may have been their pivot from just analytics and psychology to propaganda and dirty tricks to pay the bills. First though, let’s look at the data I found and run through some of the premises that CA puts forth to see where fact meets Phrenology.

The Data:

I was Google dorking around the other day and came across someone’s git repo that had an Excel sheet in it concerning Cambridge Analytica’s clients in 2016. When I opened this up I was amazed to see just who else was using CA’s psychometrics for their campaigns other than Trump. What I saw was that Ben Carson, John Bolton, Ted Cruz, and a host of other orgs had been using CA’s offerings as far back as 2014, in the case of Bolton’s super PAC. Carson and Cruz both had limited dalliances with CA but Trump spent considerably on Analytica in 2016. In fact you can see from the sheet, the campaign slogans or catch phrases that they tried too, using them as code names for projects.

All of this data was obtained through the fec.gov website where they have to give up the information as part of the law. So no secrets here really but interesting information to be gleaned on who was using CA’s services and just how long this has been going on. In the case of John Bolton, you can see that he was attempting to use CA to further the candidacy of someone he was supporting back in 2014. In total, the sum for all this work shown here is over four million dollars between all the campaigns and entities.

Notice though, no charges for Ukrainian hookers and blow for kompromat though. *snerk*

Of note as well are the ancillary campaign strategies or slogans that they had for Trump before they came up with the MAGA (Make America Great Again) claptrap, a slogan though that for those of a certain mind, worked wonders for Trump and his particular brand of populism no? You had “Make America Number 1” which is just not as catchy as “Make America GREAT Again” which they refined from the number one phrase. Of course the whole mode here is to say that America is no longer ‘great’ and it can only be made ‘great’ again by Trump. This is a clever little psychological trick in that it pastes everyone else as part of the pool of people that made America lose its greatness and is a phrase that those of a mind, can latch onto as a dog whistle.

While I was dorking, I also located a bunch of FARA statements that SCL-Social filled out and gee, who was funneling money to CA to work as a foreign agent? Why Dubai and the UAE of course! You can see the FARA statements made by Andreae and Associates (a political intelligence and risk group in the US) that is working for SCL-Social, a sub division of SCL-Group, and parent to Cambridge Analytica. What a tangled web we weave when we practice to deceive… Or at least manipulate.

As a side note, if you look at the original filings on the FEC site you can see more information on the who and the what and the how. In one case I have looked at so far, the LLC that was created to spend the money on “Make America Number 1” is called “GLITTERING STEEL” which to me sounds like one of those derpy names given to APT actors or bad spy novels. Well, once you Google that name though you can see even more about this, that it was a Bannon run entity and that there is at least one lawsuit pending over their illegal actions in California.

This shit is deep folks… Like “deep state” deep. Anyway, I will continue Googling but you can too! Let me know if you find good stuff out there that maybe I can further write about.

Python Scripts:

While I was Googling up that spreadsheet, I also came across some .py scripts that were on GitHub for a Michael Phillips, who works for Cambridge Analytica. His creations were for harvesting data from Twitter and pulled geolocation data in one and sentiments in the other. In his geolocation script he was looking to pull addresses with accurate lat and long too! Now, you and I know that Twitter allows this kind of thing and others like me have used different tools to pull OSINT on characters like da’eshbags and the like over the years. It is of note though, that Twitter has, to my knowledge, not been mentioned that much with regard to targeting and psychometrics mining by CA in the press. So, this is interesting and makes me wonder if perhaps CA has had more inside access to other features of Twitter as well?

Twitter is notoriously not that helpful to the government and others so I have to wonder, if access was given, was it bought? What kind of data would Twitter have sold? What do we really know here? Do we know anything about this? Anyone have any insight here for me? I for one would like to know if Twitter was working with CA and to what extent, if any, they were. This becomes really important just like access to Facebook data because Twitter was the second tool du jour that the GRU used to sow all the chaos and push the propaganda in the 2016 election cycle as well as in other areas such as Brexit and other attacks on Ukraine and the like.

But I digress… Let’s look at the real value of Cambridge Analytica’s potential versus the tools afforded by the likes of Twitter and Facebook themselves.

Psychographics Versus Custom Audiences and Lookalike Audiences:

A lot of the news cycle has been taken up with Analytica of late but what are they offering and just how effective could psychometric profiles of users on Facebook be? CA claims to have the ability to target people by the OCEAN profiling system of analytics. This is how they managed to make an application that then stole others’ data in the form of a personality test that they leveraged on Facebook. While this testing can lead to some valuable information, it is not as accurate or the right tool in my book to micro target a voter as opposed to someone buying something that they like or want. While this was the bread and butter of CA’s claims the reality is that this tool is not enough to home in on people that well to be a real factor in electing Donald Trump and you all have to realize this.

What’s more, if you look at the toolbox of Facebook alone, they have some algorithms and applications alone that could have been a major factor in Trump’s win. The primary two tools are ‘Custom Audiences’ and ‘Lookalike Audiences’ which Facebook uses to target people for advertising and the like. Both of these tools take outside data, in the case of this last election cycle that data would be voter rolls. Uploading those rolls (which you can access) you then are targeting your audience to push feeds to. In the case of Trump, then you are using the Republican rolls and targeting en masse your message to them. Now, consider this, those same rolls were used by the GRU to push content to those feeds as well. That’s right, ad buys by the GRU, remember all the talk about that in the news?

Ok so where does that leave us? Well, with CA and Facebook, you could be targeting those people who are outside the rolls and magnifying your efforts with the likes and the comments by stealing the 50 million people’s data as well. This basically becomes an amplification attack kinda like a DoS if you think about it. In the scheme of things it seems CA was just another cog but when you look at it all as a whole you have to ask yourselves these questions:

1) Was CA able to target more people outside the norm?

2) Was CA then able to take ancillary data (other people’s) that also had the same “sentiments” as their core psychometric profile because they were friends of those core friendly users?

3) Was this data then given to the Russians either by insiders at CA or by the Trump campaign itself to help target users and spread the propaganda and active measures to greater effect?

These are the questions the Senate and House should be asking and I am sure that these are questions the FBI and the Mueller probe are asking. Also, one should consider this more macro targeting than micro but meh, either way it seems that Facebook has a larger share of the blame that they certainly don’t want to take. This is especially true now that they have lost so much value on the stock market as well as losing clients like Space-X and Tesla recently in a backlash that continues.

Was, and Is Cambridge Analytica an Arm of SCL’s Propaganda and Psyops Operations?:

This leaves us at the point where Alexander Nix and his compatriot are seen on hidden video offering kompromat style operations as well as targeted psychographics. If you start looking into SCL, its mother org, you can see that they have a history of this kind of black propaganda offerings for the military and governments of the world. It would not be a stretch to see CA using SCL to do some dirty work if not doing it in house so to speak. So when Nix was caught on camera and later made some excuses that he was just “going with what the client wanted” I feel that this is closer to what he wanted to offer because it made money as opposed to the straight analytics package CA offers. Perhaps even more so, Nix knew that analytics was just not enough and that psychographics should really only be used in micro targeted ads for shoes.

If the targeting works, and psychometrics/psychographics do up to a point, then they can be a part of a larger package of tools to target a macro audience with micro tools. I think we have seen, and I have pointed out above, that this is likely to work better as a larger package of many tools and operations to influence an audience but it is not the be-all and end-all. I think they discovered that and went back to the old ways to make money with SCL’s cachet and tools that have been in use for many years with great effect. Where the rubber meets the road in the 2016 election is that the Russians then possibly leveraged SCL and CA with or without their knowledge to even greater effect and that is what led us to where we are today.

How that actually happened is something for the investigators at the special counsel to tell us later on.

SCL’s Domains:

While I am on the subject of SCL and looking at future possibilities, I looked up everything that SCL owns domain wise. There are many domains that they own and we should keep an eye out for them in future being spun up. In fact, I kind of wonder if they have other domains hidden under other LLCs etc that we have not seen that may have been part and parcel of some of the 2016 psyops and propaganda operations on behalf of the Trump campaign. Looking at these domains they have many plans and we should all be paying attention.

Conclusions:

So here are my conclusions looking at all of this stuff. First off, CA is not the big bad here but Facebook and maybe Twitter are. Ask yourselves and ask them just how much data they sold or gave access to other entities in the 2016 election cycle. Who were they? Were they connected to CA? SCL? GRU? Also be asking yourselves just how much do you want Facebook to have of your privacy? In posts recently I have seen people saying that phone calls and other private data were in the data dumps they downloaded. How did that data all get into their hands? Well, you let it happen! If you have Facebook on your phone, well, then they have everything and unless you read the fine print, you are boned.

Secondly, I for one believe that Facebook and Twitter and other social media entities sold data to GRU cutouts and they should be taking more responsibility henceforth. I know that Facebook has made efforts to control ad buys and such but really, they hold the keys and unless they vet every application and client, well, it could happen easily again. Zuck needs to grow up and stop the fuckery. His platform is now a weapon and our privacy is the ammunition. I also think that everyone should consider leaving the platform because they hold too much of your data that can be abused. Until such a time as they take this seriously I would not invest the time on them.

Thirdly, I have to wonder just how much information was being passed between CA and Trump/Bannon/etc that made it to the GRU. There are more than a few Russians in the CA constellation that could have been leveraged by the Russians but until some thorough investigation is done it is hard to tell what happened here and at what scale. I do find it interesting though that at least the Facebook data and tools were leveraged and wonder how much was direct buy from GRU cutouts as opposed to passed on perhaps by assets within the Trump campaign itself.

Time will tell but in the meantime here is some data for you all to Mueller.

K.


With 2018 just hours away I thought I would add to the cacophony of posts on what you might see in the year to come, but in my case this is the black swan edition of NATSEC for the new year. There will be in my opinion no way that the Russians up the ante on active measures and hybrid warfare on the United States in the next year especially since there will be elections for Congress. Elections that will likely lessen Russia’s grip on the country if the Democrats can actually be a majority and control the possible investigations that are ongoing today.

Of course even if there weren’t an election coming the Russians and possibly others would still continue to stoke the active measure fires because it serves their ultimate purpose of making the US inert politically on the world stage. The whole point of these actions is to divide us and to lessen our ability to counter Russia in their global machinations. Overall, it is likely to be a wild ride next year and this primer may help you comprehend what might actually be happening.

Definitions

Active Measures Definition: Active measures (Russian: активные мероприятия) is a Soviet term for the actions of political warfare conducted by the Soviet and Russian security services (Cheka, OGPU, NKVD, KGB, FSB) to influence the course of world events, in addition to collecting intelligence and producing “politically correct” assessments of it.

Information Warfare Definition: Information warfare (IW) is a concept involving the battlespace use and management of information and communication technology in pursuit of a competitive advantage over an opponent.

Propaganda: Information, especially of a biased or misleading nature, used to promote or publicize a particular political cause or point of view.

Kompromat Definition: Kompromat, literally “compromising material”, is, in Russian politics, damaging information about a politician or other public figure used to create negative publicity, for blackmail, or for ensuring loyalty.

Hybrid Warfare Definition: Hybrid warfare is a military strategy that blends conventional warfare, irregular warfare and cyberwarfare. … There are a variety of terms used to refer to the hybrid war concept: hybrid war, hybrid warfare, hybrid threat, or hybrid adversary (as well as non-linear war, non-traditional war or special war).

The Players:

I want you all to consider that it will not only be Russia playing “Patriot Games” *wink wink* with us all in 2018, but also the other players who likely will be part of the larger picture here. Russia is a given, but as we have seen of late, the GOP seems to be playing much of the same cards that the Russians have against us in the last couple years. The GOP has taken their playbook and augmented it with Trump’s particular brand of crazy as well. Ultimately we have gone through the looking glass because the Russians’ active measures worked. We are now in a “post truth” and “alternative facts” universe which has caused many who are unable to parse out the reality of things to either shut down or buy into their narratives whole hog.

Russia: will continue to attack reality and cause more fissures within our people and our government.

GOP: Will adapt the Russian and Trumpian playbook as well. They have done plenty of dirty tricks in the past, but now, they are armed with a tactical info nuke.

Third Parties: China, Iran, others, all will have their reasons to continue and extend the fissures and use them to their advantage.

There are many players who may want to get in on this game to serve their own purposes. Remember this as you try to sort all of it out as it happens.

Attacks

So I am going to throw out some scenarios or attack models here for you to consider. Some or all of these may happen in 2018. Maybe none will happen… Who am I trying to kid here! In any case, consider these as possible attacks and you may even see variations on these themes.

Sub Operations: HYBRID WAR

As we have seen a recent uptick in this activity already, and I am not sure of our SOSUS capabilities anymore, we have to consider that attacks may come from these little sub visits. Now, if you are up on your sub history, the Jimmy Carter (SSN-23) was one of the subs that tapped RU comms. As we have tapped post-SORM traffic, the Russians are likely doing the same with the fiber that is on the bottom of the ocean as well. These kinds of listening operations are pretty standard, but consider that the Russians stepping this up might signal more possible scenarios. By shaping traffic, cutting traffic, or injecting things into it, the Russians could have quite the little advantage.

The hack on the DNC servers was a pretty standard affair using phishing mails and then exploitation of the systems therein once they got a foothold. What data was exfiltrated though, and how it was parsed out and weaponized was the old new trick the US could not foresee evidently. The Russians have been carrying out this kind of warfare for years on Estonia and Ukraine as well as other countries that they feel the need to destabilize. We saw a fair amount of this in our election cycle in 2016 and you should expect more in 2018. In fact I would hazard to say that the operations are already in progress and data is being collected even as I type this.

Hacks on news systems

Insert fake stories to cause chaos and to delegitimize the org

Cause chaos and uncertainty (broadcast primarily but also news sites like CNN’s page)

Hacks on EAM (Emergency Action Message) systems: there have been recent hacks on these systems by hackers, but imagine a nationwide alert set by Russia?

Cause panic

Cause DoS on telco and other systems

Spur over action by government and populace

BGP re-routes

Ability to disrupt news

Ability to disrupt C&C

Ability to insert data into C&C

Leaks

More governmental leaks

Personal leaks (kompromat)

Leaks of doctored documents (Disinformation Operations)

Troll armies

Twitter

Facebook

News sites

Comments sections

As we saw on the Net Neutrality comment site, these attacks can be leveraged against any public comment topic. So imagine it being used on the White House site (that is, if the Trump admin hadn’t basically killed that function already).

Radio commenters

AM/SW radio broadcasts

HUMINT/Asset Recruitment

Ah yes, one of my favorite categories… As an old school guy who was around before the computer was so ubiquitous, this form of espionage was the thing. Of course the NSA had signals intel, radio, bugging, etc., but good old human assets can do quite a bit and should still be a thing. Today I would say that in tandem with the active measures attacks that we have seen and will see in 2018, you can count on more human assets being activated. These can be trolls who are real people who take on personae online as well as players within the system who have been recruited or turned.

Asset recruitment of GOP players

Asset recruitment of proxy group individuals

Kompromat use

Kinetic Attacks by Proxy Operations

Kinetic attacks are not as likely but given that things are getting out of hand, and may get even more out of control, I thought it prudent to add this. What I mean by kinetic attacks by proxies is simply that the actors could incite groups and individuals to violent action. We saw in 2017 the Nazi (alt-right) movement’s rise and in that, we saw violence perpetrated as well as at least one death by a Nazi running down a protester. This type of activity is standard operations, really, in the history of espionage and active measures both by Russia and by the US. If you doubt the US has done such things you should look up our interventions in South America in the past.

Insert proxy actors to actualize physical attacks

Use groups like KKK and others to initiate more kinetic actions like bombings and confrontations

Cause overreaction on the part of the populace

Cause overreaction by local and federal governments

Overreactions like martial law or other types of crackdowns

Likely to cause further surveillance tactics and programs

Digital Attacks That Lead To Kinetic Results

And the attack du jour of late, the cyber attacks that cause kinetic effects! Honestly there is no evidence of a wide scale attack being carried out successfully on the US grid, but there is always a chance. Of course smaller scale attacks in regions could be possible and carried out to great effect. The effect I speak of would be to perhaps hinder voting, but more so to sow chaos and uncertainty in the population. If you strike the right balance, you could even tailor an attack to lead people to a certain political actor as they run a narrative that gives assurance of reciprocity etc.

I know, now it’s sounding all Manchurian Candidate huh? Well, look at Trump and what happened and then think about it again. He has been pretty much using the Russians’ playbook that he was given by Putin so it’s not so inconceivable.

Power: Power goes down

Water: Water stops flowing or becomes tainted

Telco: Cells go down

Media: No news in an emergency; combined with any of the other situations, people will freak

Well, those are some of the scenarios I can foresee. I am sure there will be plenty of others that I could not even imagine today. Suffice to say that we will be under attack again with more vigor, specifically by the Russians and the GOP in hopes that they will keep their seats. All of us just need to strap in for the Krazy Ivan to come. Just remember to be judicious in your consumption of media and always think before you freak.

Happy New Year!

K.


Given the events yesterday I am feeling like unburdening a little bit on the subject of the emails being forwarded by Huma Abedin to the laptop at home in the custody of Anthony (Carlos Danger) Weiner. One of the reasons for Comey’s firing ostensibly was about his misstatements over the emails being sent to the Weiner laptop that he opened the can of worms on and helped lose the election for Hillary (not the only reason people!) as they say. The fact of the matter is now everyone is saying that Huma’s emails were auto backed up and that the term “sending” them is a misnomer in a way because the then director had said she was forwarding them for printing out by Anthony or her at home. Let me stop you all right there and say there is no difference. The intent of forwarding the emails or backing them up to an email address accessed by or directed to that personal laptop is the key here. Someone had to set that up, right? It was something that did not evolve by itself and just come into being!

The issue here is the semantics of language and perhaps comprehension of how things work in the cyber. Comey made a mistake in wording but the basis of the argument stands. Why was she forwarding or backing up all data to that laptop or account outside of the government systems appropriate for this series of email? This is the question you all should be asking and once again it was against protocol and yes there were emails in there that later were deemed to contain classified information. This makes it an issue and it was something that needed to be looked at. Now, as to how it was announced, well that is a judgement call on the part of the director and perhaps a bad one. I honestly listened to his testimony and saw both sides of the issue as well and there was no good answer here.

Now though the director has been fired in a most unceremonious way and all of this smells bad with regard to the RussiaGate investigation and abuse of power. Let’s not allow Trump to skew this one thing amongst all the others into a reason for his firing of a direct threat to his presidency. The real truth is that Huma was sending email to a non-secure site/system and that was the crux of the issue. Director Comey’s description of this incident has little to do in my opinion with his summary dismissal of the director.